I use the label in the docker metadata to build an index dynamically. When the label of some containers does not exist or the value is empty, I get two indexes at the same time. How can I solve this problem
Logstash configuration
output {
elasticsearch {
hosts => ["192.168.6.195:9200"]
index => "%{[container][labels][service]}-%{+YYYY.MM.dd}"
}
}
You need to check if the field exists.
output {
if [container][labels][service] {
elasticsearch {
hosts => ["192.168.6.195:9200"]
index => "%{[container][labels][service]}-%{+YYYY.MM.dd}"
}
} else if {
elasticsearch {
hosts => ["192.168.6.195:9200"]
index => "index-name-%{+YYYY.MM.dd}"
}
}
}
I've tried the following two methods, but none of them worked
output {
if [container][labels][service] != "" {
elasticsearch {
filter {
json {
source => "message"
}
ruby {
code => "
hash = event.to_hash
hash.each do |k,v|
if v == nil
event.remove(k)
end
end
"
}
}
output {
elasticsearch {
I solved the problem. Thank you very much for your help
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.